April 01, 2010

Apple Prepares Anti-Phishing Protections with Google or Symantec

On April 1, 2010, the US Patent & Trademark Office published a patent application from Apple that reveals various concepts behind a newly advanced Phishing Shield. Various anti-phishing protections are covered which incidentally indicates that the new evaluator tool and process associated with the phishing shield may in part use the services from either Google or Symantec. Perhaps that's what Jobs and Schmidt were recently chatting about over coffee – ha!

Patent Overview

Internet content is typically provided and presented to users by means of an internet browser, such as Apple's Safari, Mozilla's Firefox, Microsoft's Internet Explorer or Europe's Opera. As internet use becomes more common, many businesses have begun to use the internet as a medium through which to interact with customers, both new and existing. Such businesses include existing businesses, such as those providing financial services, seeking to augment services already provided through other means, as well as new businesses established to provide services solely through the internet.

Many of these businesses require customers to provide sensitive or private personal information through a web page in order to gain access to services. Such sensitive personal information may include social security information, address and telephone number, birth date, credit card information, etc. There also exist other types of non-commercial websites that request similarly sensitive personal information.

As the use of such websites has become more common, so has the practice of creating forged replicas of the websites as a means of obtaining sensitive personal information from unsuspecting or less than savvy internet users. The use of forged replicas of websites to obtain sensitive personal information is known in the art as "phishing." Phishing is typically used to obtain personal or financial information in order to enable identity theft or other fraudulent or disreputable activities.

As concern over phishing has grown, developers of internet browsers have attempted to protect users from the practice. One means of protecting users from phishing involves the use of a repository of IP address ranges known to be suspect, made available at a trusted internet location. Internet browsers are often equipped with a means for comparing requested websites with such repositories, and will provide some indicator to users if a requested website is suspected to be a forgery.

Apple's patent generally relates to a method and a system for notifying a user that a requested website is a forgery, and protecting the user from the forged website.

Phishing Shield Example

Apple's patent FIG. 1B shown above illustrates an example webpage as it would if it were determined to be a suspected forgery. The content 102 is displayed behind a graphical element representing a gray-tinted glass shield, 130 which acts as a translucent shield. This shield may appear in an animated fashion when activated. For example, the shield may appear by sliding down from the top of web browser 100, sliding up from the bottom, sliding in from one side or another, fading in and out, or by any other means known in the art. Username entry field 103 and password entry field 104 are disabled. Warning 120 is what is known in the art as a modal dialog box, requiring the user to acknowledge the warning before the user can interact any further with the internet browser.

However, the warning displayed in element 120 does not, when dismissed, also dismiss the anti-phishing protections altering the appearance of content 102 or disabling the username entry field 103 and password entry field 104. The warning simply alerts the user as to why the protections have been activated. A user would have to perform some additional action in certain embodiments, such as navigating to a menu item, or selecting a toolbar icon, to disable these protections, thus preventing a user from hastily dismissing the protections.

The Evaluator Tool/Process

Apple's patent FIG. 2 illustrates an implementation of determining whether a requested URL is a forgery. Web browser 200 receives, at evaluator 201, a request for URL 202. The evaluator sends an IP address range 204, containing the IP associated with the requested URL, to a trusted remote resource 203. The address range may simply be a partial IP address obtained by dropping a fixed number of bits from the IP associated with the requested URL. The trusted resource responds to the IP address range with a list of blacklisted IP addresses, 205, containing all suspicious IP addresses in the requested range. The evaluator then searches this list of suspicious IP addresses for the IP address associated with the requested URL. If the IP address is found then the requested URL has been determined to be a suspected forgery. Otherwise, the requested URL has been determined not to be a suspected forgery. In other embodiments, a value obtained by hashing the IP address may be sent, rather than the IP address range. In either alternative, the purpose of this method of using a trusted remote resource is to protect the privacy of the user, so as to prevent any tracking of exactly which URLs the user is requesting.

As discussed above, the trusted remote resource 203 is a repository with a current list of IP addresses associated with suspicious activity. In some embodiments, trusted remote resource may be a service provided by Google, Inc., of Mountain View, Calif., or Symantec Corp., of Cupertino, Calif.

Apple credits Darin Adler and Kevin Decker as the inventors of patent application 20100083383, originally filed in Q3 2008.

Notice:Patently Apple presents only a brief summary of patents with associated graphic(s) for journalistic news purposes as each such patent application and/or grant is revealed by the U.S. Patent & Trade Office. Readers are cautioned that the full text of any patent application and/or grant should be read in its entirety for further details. For additional information on any patent reviewed here today, simply feed the individual patent number(s) noted in this report into thissearch engine.